Thread: Good random numbers in PG? And crypto-wishlist

Good random numbers in PG? And crypto-wishlist

From
"Dr. Evil"
Date:
I'm writing an application that requires cryptographically-sound random
decimal digits in PG.  One way to do this is with a plain old hash
like SHA1.  The problem is that this produces a 20 byte string, when
what I want is a digit from 0 to 9.  One thing I could do is take this
20 byte string, and return the first 8 bytes of it as an INT8, and take
the mod10 of it.  That should be mostly random.  Is this a good way to
do it?  Or is there some better way?

Btw, this is on OpenBSD, which has its own internal RNG, which is
cryptographically sound.  On such systems, does the RANDOM() function
use the cryptographically sound RNG, or does it use the C library's
plain old low-quality RNG?

Someday it would be really cool if PG had linked-in cryptographic
functions.  I wrote a SHA1 hash and DES that link in, which is a good
start, but it would be awesome to also have RSA encrypt/decrypt/sign,
and AES encrypt/decrypt, and also something that can process OpenPGP
format messages (i.e., with GPG).  Maybe as I get better with linking C
functions in to PG I'll work on some of that.  Oh yeah, and while I'm
making a wish-list, having an option to encrypt the physical database
file that PG uses would be fantastic.  Some of us are storing some
valuable data in these things, and basically none of the free OSes
support file system encryption in a way that doesn't suck.  I know
everyone will say, "do it at the FS layer", but that just isn't
reality right now, and it's a lot cheaper to encrypt the database than
it is to physically secure the machine in many cases.

Thanks

Re: Good random numbers in PG? And crypto-wishlist

From
Martijn van Oosterhout
Date:
On Thu, Jul 26, 2001 at 05:02:30AM -0000, Dr. Evil wrote:
> file that PG uses would be fantastic.  Some of us are storing some
> valuable data in these things, and basically none of the free OSes
> support file system encryption in a way that doesn't suck.  I know
> everyone will say, "do it at the FS layer", but that just isn't
> reality right now, and it's a lot cheaper to encrypt the database than
> it is to physically secure the machine in many cases.

Just out of curiosity, in what way does Linux's encrypted filesystem suck?
Other than the fact that the modules aren't shipped with the kernel by
default, running losetup then mount doesn't sound like a major issue to me.
--
Martijn van Oosterhout <kleptog@svana.org>
http://svana.org/kleptog/
> It would be nice if someone came up with a certification system that
> actually separated those who can barely regurgitate what they crammed over
> the last few weeks from those who command secret ninja networking powers.

Re: Good random numbers in PG? And crypto-wishlist

From
Bruno Wolff III
Date:
On Thu, Jul 26, 2001 at 05:02:30AM -0000,
  "Dr. Evil" <drevil@sidereal.kz> wrote:
>
> I'm writing an application that requires cryptographically-sound random
> decimal digits in PG.  One way to do this is with a plain old hash
> like SHA1.  The problem is that this produces a 20 byte string, when
> what I want is a digit from 0 to 9.  One thing I could do is take this
> 20 byte string, and return the first 8 bytes of it as an INT8, and take
> the mod10 of it.  That should be mostly random.  Is this a good way to
> do it?  Or is there some better way?

This isn't necessarily useful for making it work in postgres, but I have
a way to get uniform random distributions from uniformly distributed
binary numbers. This is for a die roll server and uses the output from
/dev/random as the source of uniformly distributed binary numbers.
The module that does this part can be found at:
http://wolff.to/dice/Roll.pm
For more information on the dice server see:
http://wolff.to/dice/
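
Added example, not part of the original thread and not the code in Roll.pm: a Python sketch of rejection sampling, one standard way to turn uniformly distributed bytes into uniform decimal digits, next to an exact count of how uneven a plain `% 10` reduction is. The function names and the use of `os.urandom` as the byte source are assumptions of this example.

```python
import os
from collections import Counter

def mod_residue_counts(bits, n=10):
    """How many of the 2**bits equally likely inputs land on each residue
    when an unsigned `bits`-bit value is reduced with `% n`."""
    q, r = divmod(1 << bits, n)
    # Residues 0..r-1 get one extra preimage; that surplus is the bias.
    return [q + 1 if d < r else q for d in range(n)]

def uniform_digits(count, n=10, source=os.urandom):
    """Return `count` integers uniform on 0..n-1 using rejection sampling.

    A byte is kept only if it is below the largest multiple of n that fits
    in 256 (250 for n = 10), so every residue has the same number of
    accepted byte values. Rejected bytes are discarded and replaced.
    `source(k)` must return k bytes; os.urandom is the assumed default.
    """
    if not 1 <= n <= 256:
        raise ValueError("n must be between 1 and 256")
    limit = 256 - (256 % n)
    digits = []
    while len(digits) < count:
        chunk = source(count - len(digits))
        if not chunk:
            raise RuntimeError("random source returned no data")
        digits.extend(b % n for b in chunk if b < limit)
    return digits

if __name__ == "__main__":
    print("preimages per digit, 8-bit value % 10:", mod_residue_counts(8))
    sample = uniform_digits(100_000)
    print("sample frequencies:", sorted(Counter(sample).items()))
```
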